How to supply HMAC hash salt to Windows API?

Question

I'm using the HMAC hash for securing data. I hash data on the client, reconstruct the hash on the server, and compare. The hashing on the server (a web api) uses a specific salt for encrypting the data. I now need to use the same salt for my Windows 8 application (using JavaScript API). I have the code in place to perform the hash, but how do I supply a salt for generating the hash, so I can recreate the same hash on JavaScript client and server?

This isn't a server question, but specific to the client JavaScript windows 8 application. Here is my code that I use for hashing. However, I can't find anything in the API that allows me to change the salt...

var provider = Windows.Security.Cryptography.Core.HashAlgorithmProvider.openAlgorithm(
    Windows.Security.Cryptography.Core.HashAlgorithmNames.sha1);
var hash = provider.createHash();
var binary = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(myData, 
         Windows.Security.Cryptography.BinaryStringEncoding.utf8);
hash.append(binary);

var outputHashBinary = hash.getValueAndReset();
var base64Ticket = Windows.Security.Cryptography.CryptographicBuffer.encodeToBase64String(outputHashBinary);

I'll include the sample, but the issues is not that I'm having a problem, but that I'm looking for an API that I fear doesn't exist. — Brian Mains, Jan 26 '13 at 12:24
This might be worth a read: http://stackoverflow.com/questions/4252208/securing-a-javascript-client-with-hmac — cmbuckley, Jan 26 '13 at 12:32

score 1 · Accepted Answer · answered Jan 26 '13 at 14:34

Instead of HashAlgorithmProvider, you should use MacAlgorithmProvider.

Here is MSDN article about MacAlgorithmProvider with a sample in JavaScript language http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.macalgorithmprovider.aspx?cs-save-lang=1&cs-lang=javascript#code-snippet-1

The example tries to create HMAC as you like

How to supply HMAC hash salt to Windows API?

1 Answers1